<?php

/**
 * LoginForm class.
 * LoginForm is the data structure for keeping
 * user login form data. It is used by the 'login' action of 'SiteController'.
 */
class LoginForm extends CFormModel {
	public $username;
	public $password;
	public $rememberMe;

	private $_identity;
	
	private $roleRelationship = array(
		'0' => array('role'=>'unknown', 'operations'=>array('manageUnknown')),
		'1' => array('role'=>'operator', 'operations'=>array('manageContract')),
		'2' => array('role'=>'manager', 'operations'=>array('manageProductingArrangement')),
		'3' => array('role'=>'sysAdmin', 'operations'=>array('manageUser')),
	);
	
	/**
	 * Declares the validation rules.
	 * The rules state that username and password are required,
	 * and password needs to be authenticated.
	 */
	public function rules() {
		return array(
			// username and password are required
			array('username, password', 'required'),
			// rememberMe needs to be a boolean
			array('rememberMe', 'boolean'),
			// password needs to be authenticated
			array('password', 'authenticate'),
		);
	}

	/**
	 * Declares attribute labels.
	 */
	public function attributeLabels() {
		return array(
			'rememberMe'=>'Remember me next time',
		);
	}

	/**
	 * Authenticates the password.
	 * This is the 'authenticate' validator as declared in rules().
	 */
	public function authenticate($attribute,$params) {
		if(!$this->hasErrors()) {
			$this->_identity=new UserIdentity($this->username,$this->password);
			$authenticateStatus = $this->_identity->authenticate();
			switch ($authenticateStatus) {
				case UserIdentity::ERROR_USERNAME_INVALID:
					$this->addError('username','该用户不存在');
					break;
				case UserIdentity::ERROR_PASSWORD_INVALID:
					$this->addError('password','密码错误，请重新输入');
					break;
				case UserIdentity::ERROR_STATUS_PREVENTED:
					$this->addError('username','该用户已被删除，具体原因请与管理员联系');
					break;
				default:
					break;
			}

		}
	}

	/**
	 * Logs in the user using the given username and password in the model.
	 * @return boolean whether login is successful
	 */
	public function login() {
		if($this->_identity===null) {
			$this->_identity=new UserIdentity($this->username,$this->password);
			$this->_identity->authenticate();
		}
		if($this->_identity->errorCode===UserIdentity::ERROR_NONE) {
			$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
			Yii::app()->user->login($this->_identity,$duration);
			$this->assignRole();
			return true;
		} else
			return false;
	}
	
	/**
	 * Assign the system role to current user
	 */
	private function assignRole() {
		$auth = Yii::app()->authManager;
		/* uncomment the followings to init roles data
		foreach ($this->roleRelationship as $roleId => $roleInfo) {
			$role = $auth->createRole($roleInfo['role']);
			foreach($roleInfo['operations'] as $operation) {
				$auth->createOperation($operation);
				$role->addChild($operation);
			}
		}
		*/
		$auth->clearAuthAssignments();
		$specifiedRole = isset($this->roleRelationship[Yii::app()->user->getState('role')]) ?
			$this->roleRelationship[Yii::app()->user->getState('role')]['role'] : $this->roleRelationship[0]['role'];
		$auth->assign($specifiedRole, Yii::app()->user->id);
		$auth->save();
	}
}